Windows PowerShell command on Get-command tcpd
MyWebUniversity

Manual Pages for UNIX Operating System command usage for man tcpd



Maintenance Commands                                     TCPD(1M)




NAME

     tcpd - access control facility for internet services



DESCRIPTION

     The tcpd program can be set up to monitor incoming  requests

     for telnet, finger, ftp, exec, rsh, rlogin, tftp, talk, com-

     sat and other services that have a one-to-one  mapping  onto

     executable files.


     The program supports both 4.3BSD-style  sockets  and  System

     V.4-style TLI.  Functionality may be limited when the proto-

     col underneath TLI is not an internet protocol.

     Operation is as follows:  whenever  a  request  for  service

     arrives,  the  inetd daemon is tricked into running the tcpd

     program instead of the desired server. tcpd logs the request

     and does some additional checks. When all is well, tcpd runs

     the appropriate server program and goes away.


     Optional features are: pattern-based access control,  client

     username  lookups with the RFC 931 etc. protocol, protection
     against hosts that pretend to have someone elses host  name,
     and  protection  against  hosts that pretend to have someone
     elses network address.

LIBWRAP INTERFACE

     The same monitoring and access  control  functionality  pro-

     vided  by  the  tcpd  standalone  program  is also available

     through the libwrap shared library interface. Some programs,
     including  the  Solaris inetd daemon, have been modified  to
     use the libwrap interface and thus do not require  replacing

     the real server programs with tcpd. The libwrap interface is

     also more efficient and can be used for inetd internal  ser-

     vices. See inetd(1M) for more information.

LOGGING

     Connections that are monitored by tcpd are reported  through

     the  syslog(3)  facility. Each record contains a time stamp,
     the client host name and the name of the requested  service.
     The information can be useful to detect unwanted activities,
     especially when logfile information from  several  hosts  is
     merged.

     In order to find out where your logs are going, examine  the
     syslog configuration file, usually /etc/syslog.conf.

ACCESS CONTROL

     Optionally, tcpd supports a simple form  of  access  control

     that  is  based  on  pattern  matching.   The access-control

     software provides hooks for the execution of shell  commands

     when  a pattern fires.  For details, see the hosts_access(4)

     manual page.



SunOS 5.10                Last change:                          1






Maintenance Commands                                     TCPD(1M)




HOST NAME VERIFICATION

     The authentication scheme of some  protocols  (rlogin,  rsh)
     relies  on host names. Some implementations believe the host

     name that they get from any random name server; other imple-

     mentations are more careful but use a flawed algorithm.


     tcpd verifies the client host name that is returned  by  the

     address->name  DNS  server  by  looking at the host name and

     address that are returned by the name->address  DNS  server.

     If  any  discrepancy  is detected, tcpd concludes that it is

     dealing with a host that pretends to have someone elses host
     name.


     If the sources are compiled with -DPARANOID, tcpd will  drop

     the  connection  in  case  of  a host name/address mismatch.
     Otherwise, the hostname can be  matched  with  the  PARANOID
     wildcard, after which suitable action can be taken.

HOST ADDRESS SPOOFING

     Optionally, tcpd disables source-routing socket  options  on

     every  connection that it deals with. This will take care of
     most attacks from hosts that pretend to have an address that

     belongs  to someone elses network. UDP services do not bene-

     fit from this protection. This feature must be turned on  at
     compile time.

RFC 931

     When RFC 931 etc. lookups are enabled (compile-time  option)

     tcpd  will attempt to establish the name of the client user.

     This will succeed only if the client host runs an  RFC  931-

     compliant  daemon.   Client  user name lookups will not work

     for datagram-oriented connections, and may cause  noticeable

     delays in the case of connections from PCs.

     Warning: If the local system runs an RFC 931  server  it  is
     important  that it be configured NOT to use TCP Wrappers, or

     that TCP Wrappers  be  configured  to  avoid  RFC  931-based

     access  control  for  this service.  If you use usernames in
     the  access  control  files,  make  sure  that  you  have  a
     hosts.allow  entry  that  allows  the RFC 931 service (often

     called "identd" or "auth")  without  any  username  restric-

     tions.  Failure to heed this warning can result in two hosts
     getting in an endless loop of consulting each other's identd
     services.


EXAMPLES

ATTRIBUTES

     See attributes(5) for descriptions of the  following  attri-

     butes:






SunOS 5.10                Last change:                          2






Maintenance Commands                                     TCPD(1M)




     _______________________________________

    |   ATTRIBUTE TYPE   |  ATTRIBUTE VALUE|

    |____________________|__________________|_

    | Availability       |  SUNWtcpd       |

    |____________________|__________________|_

    | Interface Stability|  Committed      |

    |____________________|_________________|


NOTES

     Source for tcp_wrappers is available in the SUNWtcpdS  pack-

     age.












































SunOS 5.10                Last change:                          3



Contact us      |      About us      |      Term of use      |       Copyright © 2000-2019 MyWebUniversity.com ™